X-Pack Settings in Logstash

X-Pack Settings in Logstash

You configure settings for X-Pack features in the elasticsearch.yml, kibana.yml, and logstash.yml configuration files.

X-Pack Feature Elasticsearch Settings Kibana Settings Logstash Settings

Development Tools

No

Yes

No

Graph

No

Yes

No

Machine learning

Yes

Yes

No

Monitoring

Yes

Yes

Yes

Reporting

No

Yes

No

Security

  • Auditing

Yes

Yes

No

Yes

No

No

Watcher

Yes

No

No

For more Logstash configuration settings, see Settings File.

The following Logstash settings are configured in the logstash.yml and pertain to specific X-Pack features.

Monitoring Settings in Logstash

You can set the following xpack.monitoring settings in logstash.yml to control how monitoring data is collected from your Logstash nodes. However, the defaults work best in most circumstances. For more information about configuring Logstash, see Settings File.

xpack.monitoring.enabled
Monitoring is enabled by default. Set to false to disable X-Pack monitoring.
xpack.monitoring.collection.interval
Controls how often data samples are collected and shipped on the Logstash side. Defaults to 10s.
xpack.monitoring.elasticsearch.url
The Elasticsearch instances that you want to ship your Logstash metrics to. This might be the same Elasticsearch instance specified in the outputs section in your Logstash configuration, or a different one. This is not the URL of your dedicated monitoring cluster. Even if you are using a dedicated monitoring cluster, the Logstash metrics must be routed through your production cluster. You can specify a single host as a string, or specify multiple hosts as an array. Defaults to http://localhost:9200.
xpack.monitoring.elasticsearch.username and xpack.monitoring.elasticsearch.password
If your Elasticsearch is protected with basic authentication, these settings provide the username and password that the Logstash instance uses to authenticate for shipping monitoring data.
xpack.monitoring.elasticsearch.ssl.ca
Optional setting that enables you to specify a path to the .pem file for the certificate authority for your Elasticsearch instance.
xpack.monitoring.elasticsearch.ssl.truststore.path
Optional settings that provide the paths to the Java keystore (JKS) to validate the server’s certificate.
xpack.monitoring.elasticsearch.ssl.truststore.password
Optional settings that provide the password to the truststore.
xpack.monitoring.elasticsearch.ssl.keystore.path
Optional settings that provide the paths to the Java keystore (JKS) to validate the client’s certificate.
xpack.monitoring.elasticsearch.ssl.keystore.password
Optional settings that provide the password to the keystore.